package com.module.controller;

import com.module.configuration.UserToken;
import com.module.configuration.VirtualType;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.subject.Subject;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class LoginController {
    @RequestMapping("/login")
    public String login(String username) {
        //添加用户认证信息
        Subject subject = SecurityUtils.getSubject();
        UserToken userToken=new UserToken(
                "张三","", VirtualType.Cryptonym
        );
        try {
            //进行验证，这里可以捕获异常，然后返回对应信息
            subject.login(userToken);
//            subject.checkRole("admin");
//            subject.checkPermissions("query", "add");
        } catch (AuthenticationException e) {
            e.printStackTrace();
            return "账号或密码错误！";
        } catch (AuthorizationException e) {
            e.printStackTrace();
            return "没有权限";
        }
        return "login success";
    }
    //登录之后用户直接访问的url
    @RequiresPermissions("/xxx")
    @RequestMapping("/xxx")
    public String xxx(){
        return "xxx访问成功了";
    }

    //匿名用户直接访问的url
    @RequiresPermissions("/dolook")
    @RequestMapping("/dolook")
    public String dolook(){
        return "dolook访问成功了";
    }
    //匿名用户直接访问的url
    @RequiresPermissions("/dosometing")
    @RequestMapping("/dosometing")
    public String dosometing(){
        return "dosometing";
    }
}
